This page answers frequently asked questions about signing native iOS, Android, and Windows Phone applications so they can be distributed to mobile device users through the App Catalog. If your question is not listed here, try entering a keyword in the search box at the top right to search other pages.

What is signing?

Signing (also known as code signing) uses a digital certificate and private key to seal an app and identify its author. This process identifies an app as belonging to your organization and ensures that the app has not been modified since it was last signed.

For more information about what signing is and why you must do it, see About Signing.

What do I need in order to sign apps through the Admin Portal?

The requirements for signing apps are different for iOS, Android, and Windows Phone. Once you have created the appropriate credentials, you can either store them on your computer or store them in Apperian for easy access during signing.

How do I create signing credentials for iOS apps?

To sign an iOS app using either the Portal or the signing package, you need:

An Apple Developer account from the Apple Developer Program.

A distribution certificate (also referred to as a production certificate) that is paired with a private key and approved by Apple. The distribution certificate authenticates that the app comes from an Apple-trusted source (this is the signature). A distribution certificate is not specific to a particular app; you can use the same certificate to sign all your iOS apps.

A distribution provisioning profile, which authorizes devices to use the app. The provisioning profile is the file actually used to sign the app. It includes a name, a distribution certificate, and an app ID. The provisioning profile should use an unique app ID associated with a particular application.

What is the difference between the standard iOS Developer Program and the iOS Developer Enterprise Program?

What is the difference between an Individual Developer License and an Enterprise Developer License?

An "Individual Developer License" is another way to refer to a developer's account for the standard iOS Developer Program. That is, an account that can create a distribution provisioning profile to distribute apps to up to 100 specific iOS devices. An "Enterprise Developer License" refers to an account for the iOS Developer Enterprise Program. Organizations with this account can create provisioning profiles to distribute apps to an infinite number of devices.

What is the difference between a development provisioning profile and a distribution provisioning profile?

A development provisioning profile is associated with a development certificate that identifies a single developer on a team. It authorizes an app to use certain technologies and run on designated devices during development. In order to work, it requires Xcode, which makes it useful during the app development process only. It is not for deploying apps to users.

A distribution provisioning profile is associated with a distribution certificate that identifies a team, not a team member. It authorizes an app to run on devices without the assistance of Xcode. A distribution provisioning profile is used to deploy an app to users via the App Store or other app marketplace, such as the App Catalog.

How can I check the expiration date of iOS signing credentials?

You can check the expiration date of an application in the Expiration Date column on the Applications page. The Expiration Date column is hidden by default; use the Show/hide columns menu to display it. In additional, status tags on the Applications page identify apps that are due to expire soon or have already expired.

You can also check the expiration date of an iOS app's credentials on the Signing page for the app.

If you have an iOS Developer Program account, you can also log in to the iOS Dev Center to check expiration status, create new distribution certificates, and perform other tasks to create and manage signing credentials for iOS apps.

Apperian helps track expiration dates of signing credentials by notifying Administrators about iOS apps due to expire. Notification emails are sent 60 days before an app expires, 45 days before, 30 days before, and then every day until the app either expires or is re-signed with a current distribution certificate and provisioning profile.

You can also check the expiration date of any signing credentials you have stored in Apperian. To do this, go to Signing Credentials on the Settings page.

For more information about expired iOS apps and what to do when an app is about to expire, see iOS App Expiration.

How can I check the expiration date of a Windows Phone certificate?

If you have access to a Windows computer with the Windows Phone certificate installed, you can check the expiration date from the Internet Properties dialog. If you have the PFX file but do not have access to a computer where it is installed, you can check the expiration date at the command line.

When do I need to re-sign an app after it is in Apperian?

Do I need to re-sign an app with the same credentials it was signed with previously?

With iOS and Android apps that have been installed on any of your users' devices, it is important that you re-sign the apps with the same credentials they were signed with previously. If you sign an app with different credentials, users will not be able to install an update of the app.

With Windows Phone apps, you need to be sure to sign the app with the same enterprise certificate used to sign the App Catalog. Therefore, if you upload a new version of the app, you need to sign it with the same credentials as the previous version, unless the App Catalog has been re-signed with a different certificate, in which case you would need to re-sign the app with that certificate.